Home page logo
/

bugtraq logo Bugtraq mailing list archives

syslog/udp
From: newsham () uhunix uhcc hawaii edu (Tim Newsham )
Date: Sun, 20 Feb 94 12:12:10 HST


Hi,
  If you are running syslogd on your machine and you dont receive
remote logging to that machine you should probably consider removing
the remote function of the program.  Besides being another possible
security risk a person may easily corrupt your audit logs though
this port.  It is quite easy to send fake messages to the syslogd
at any facility and level.  An easy way to fix this would probably
be to change the line:

    int nfds, readfds = FDMASK(funix) | inetm | klogm;

to

    int nfds, readfds = FDMASK(funix) | klogm;

This will keep the inet socket from ever getting selected and read.
I have not tested this however.  An access control list would
do no good here since the packets are UDP and source address is
quite easy to forge.

                                 Tim N.



  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]